[CMF-checkins] CVS: CMF/CMFDefault/tests -
test_RegistrationTool.py:1.5
Tres Seaver
tseaver at zope.com
Fri May 14 18:16:31 EDT 2004
Update of /cvs-repository/CMF/CMFDefault/tests
In directory cvs.zope.org:/tmp/cvs-serv19879/CMFDefault/tests
Modified Files:
test_RegistrationTool.py
Log Message:
- slurp_release.py:
o Repair breakage due to old python
- Collector #243: unchecked member property, 'email', could permit
injection of mail headers.
=== CMF/CMFDefault/tests/test_RegistrationTool.py 1.4 => 1.5 ===
--- CMF/CMFDefault/tests/test_RegistrationTool.py:1.4 Mon Apr 26 08:14:18 2004
+++ CMF/CMFDefault/tests/test_RegistrationTool.py Fri May 14 18:16:30 2004
@@ -1,28 +1,77 @@
-from unittest import TestCase, TestSuite, makeSuite, main
+import unittest
+from Products.CMFCore.tests.base.testcase import RequestTest
+
import Testing
import Zope
Zope.startup()
-from Interface.Verify import verifyClass
-from Products.CMFDefault.RegistrationTool import RegistrationTool
+class FauxMembershipTool:
+
+ def getMemberById( self, username ):
+ return None
+
+class RegistrationToolTests(RequestTest):
+
+ def _getTargetClass(self):
+
+ from Products.CMFDefault.RegistrationTool import RegistrationTool
+ return RegistrationTool
+ def _makeOne(self, *args, **kw):
-class RegistrationToolTests(TestCase):
+ return self._getTargetClass()(*args, **kw)
def test_interface(self):
from Products.CMFCore.interfaces.portal_registration \
import portal_registration as IRegistrationTool
from Products.CMFCore.interfaces.portal_actions \
import ActionProvider as IActionProvider
+ from Interface.Verify import verifyClass
+
+ verifyClass(IRegistrationTool, self._getTargetClass())
+ verifyClass(IActionProvider, self._getTargetClass())
+
+
+ def test_testPropertiesValidity_new_invalid_email( self ):
+
+ tool = self._makeOne().__of__( self.root )
+ self.root.portal_membership = FauxMembershipTool()
+
+ props = { 'email' : 'this is not an e-mail address'
+ , 'username' : 'username'
+ }
+
+ result = tool.testPropertiesValidity( props, None )
+
+ self.failIf( result is None, 'Invalid e-mail passed inspection' )
+
+ def test_spamcannon_collector_243( self ):
+
+ INJECTED_HEADERS = """
+To:someone at example.com
+cc:another_victim at elsewhere.example.com
+From:someone at example.com
+Subject:Hosed by Spam Cannon!
+
+Spam, spam, spam
+"""
+
+ tool = self._makeOne().__of__( self.root )
+ self.root.portal_membership = FauxMembershipTool()
+
+ props = { 'email' : INJECTED_HEADERS
+ , 'username' : 'username'
+ }
+
+ result = tool.testPropertiesValidity( props, None )
- verifyClass(IRegistrationTool, RegistrationTool)
- verifyClass(IActionProvider, RegistrationTool)
+ self.failIf( result is None, 'Invalid e-mail passed inspection' )
def test_suite():
- return TestSuite((
- makeSuite( RegistrationToolTests ),
+ return unittest.TestSuite((
+ unittest.makeSuite( RegistrationToolTests ),
))
if __name__ == '__main__':
- main(defaultTest='test_suite')
+ unittest.main(defaultTest='test_suite')
More information about the CMF-checkins
mailing list